No windows update & Regedit lock

CA Anti-Spyware Log

CA Anti-Spyware Log Report
This report was generated on: 10/3/2008-2:58:16 PM

10/2/2008-4:17:36 PM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/2/2008-4:17:37 PM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/2/2008-4:17:37 PM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/2/2008-4:17:42 PM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/2/2008-4:17:45 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
10/3/2008-8:19:32 AM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/3/2008-8:19:35 AM , Detected , Zenotecnico , Adware , File "C:\Documents and Settings\My Pc\Desktop\click to find and fix errors.url" , -1
10/3/2008-8:19:40 AM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\My Pc\Desktop\registry cleaner.lnk" , -1
10/3/2008-8:19:41 AM , Detected , Ezula , Adware , File "C:\Documents and Settings\My Pc\Desktop\free online music.url" , -1
10/3/2008-8:19:41 AM , Detected , Registry Cleaner , Rogue Security Software , Folder "C:\Documents and Settings\My Pc\application data\registry cleaner" , -1
10/3/2008-8:28:03 AM , Detected , Limewire , P2P , Folder "C:\Documents and Settings\My Pc\.limewire" , -1
10/3/2008-1:54:10 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Documents and Settings\LocalService\Desktop\soref_regclean1.exe" , -1336253164
10/3/2008-1:55:33 PM , Detected , Limewire , P2P , File "C:\Documents and Settings\temp docs\Desktop\New Folder (2)\LimeWireWin.exe" , 213643229
10/3/2008-2:06:18 PM , Detected , TargetSaver , Downloader , File "C:\Program Files\Common Files\kwro\kwrod\class-barrel" , -1563323414
10/3/2008-2:06:19 PM , Detected , TargetSaver , Downloader , File "C:\Program Files\Common Files\kwro\kwrod\kwroc.dll" , -919127422
10/3/2008-2:06:19 PM , Detected , TargetSaver , Downloader , File "C:\Program Files\Common Files\kwro\kwrod\vocabulary" , 1232026381
10/3/2008-2:23:35 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Program Files\Registry Cleaner Retail\regclean.dll" , 261815134
10/3/2008-2:23:35 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\Program Files\Registry Cleaner Retail\Registry Cleaner.chm" , 420554717
10/3/2008-2:25:05 PM , Detected , Look2Me , Homepage Hijacker , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP429\A0391292.exe" , -2120863413
10/3/2008-2:26:55 PM , Detected , TargetSaver , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP430\A0396411.exe" , 1741017211
10/3/2008-2:26:58 PM , Detected , TargetSaver , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP430\A0396414.exe" , 25981234
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416812.dll" , 473871802
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416813.dll" , -2034535928
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416814.dll" , -545363932
10/3/2008-2:29:03 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416815.dll" , 122490953
10/3/2008-2:29:04 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP432\A0416816.EXE" , 248181904
10/3/2008-2:30:53 PM , Detected , Look2Me , Homepage Hijacker , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0420669.exe" , 1303292771
10/3/2008-2:35:11 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481312.exe" , -1770466895
10/3/2008-2:35:13 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481316.exe" , -477687333
10/3/2008-2:35:13 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481317.exe" , -1098554904
10/3/2008-2:35:13 PM , Detected , YourEnhancement , Downloader , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481318.exe" , -279719749
10/3/2008-2:35:14 PM , Detected , QuickLinks , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481320.exe" , -1722774454
10/3/2008-2:35:15 PM , Detected , QuickLinks , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481321.exe" , 1651812121
10/3/2008-2:35:43 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481749.exe" , -2054246313
10/3/2008-2:35:43 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481750.dll" , 511234291
10/3/2008-2:35:44 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0481757.dll" , 1404652916
10/3/2008-2:38:23 PM , Detected , Registry Cleaner , Rogue Security Software , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0482043.exe" , -1336253164
10/3/2008-2:39:06 PM , Detected , WinAntiVirus Pro 2006 , Trojan , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0482864.dll" , -979978231
10/3/2008-2:39:27 PM , Detected , ISearch , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483663.dll" , -589865272
10/3/2008-2:39:27 PM , Detected , ISearch , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483664.exe" , -300157616
10/3/2008-2:39:27 PM , Detected , ISearch , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483665.vbs" , 895676625
10/3/2008-2:39:36 PM , Detected , New.Net.Domain.Plugin , Spyware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0483872.EXE" , 415388503
10/3/2008-2:40:17 PM , Detected , SurfSideKick , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0484634.exe" , -1003763497
10/3/2008-2:40:17 PM , Detected , SpySheriff , Adware , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0484635.exe" , -417697825
10/3/2008-2:40:18 PM , Detected , Limewire , P2P , File "C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP433\A0484637.exe" , 213643229
10/3/2008-2:48:01 PM , Detected , PowerReg Scheduler , Adware , File "C:\WINDOWS\pss\PowerReg Scheduler.exeStartup" , 1752718300
***End Report***
 
CA Anti-Virus Realtime Log

This is a partial list of the viruses that were not in the System Restore area:

9/27/2008 17:35:54 PM File infection: C:\WINDOWS\system32\se500mdmd.sys is Win32/Starimp!generic trojan.
9/27/2008 17:35:54 PM File infection: C:\WINDOWS\Head24.exe is Win32/Petribot.MS worm.
9/27/2008 17:35:54 PM File infection: C:\WINDOWS\Head24.exe is Win32/Petribot.MS worm.
9/27/2008 17:35:55 PM File infection: C:\WINDOWS\win32crypt.exe is Win32/Petribot!generic worm.
9/27/2008 17:35:55 PM File infection: C:\WINDOWS\win32crypt.exe is Win32/Petribot!generic worm.
9/27/2008 17:48:09 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan. Deleted
9/27/2008 17:48:12 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:19 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:23 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:28 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:34 PM File infection: C:\Program Files\Imjtbuk\Ulxld.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:41 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan. Deleted
9/27/2008 17:48:45 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:49 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:50 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:52 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 17:48:53 PM File infection: C:\Program Files\Hqgd\Bcdt.exe is Win32/Dyfuca.B trojan.
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan. Deleted
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
9/27/2008 19:10:19 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
9/27/2008 19:10:20 PM File infection: C:\windows\system32\winbrume.dll is Win32/Brunme.E trojan.
10/3/2008 13:42:21 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\qhndy.exe is Win32/Anserin!generic trojan. Deleted
10/3/2008 13:42:23 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\real.exe is Win32/Multidropper.Y trojan. Deleted
10/3/2008 13:42:26 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\secure32.html is HTML/Startpage.TH trojan. Deleted
10/3/2008 13:42:27 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\uocgmrym.exe is Win32/Beenut!generic trojan. Deleted
10/3/2008 13:42:27 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\visfx500.exe is Win32/Notiex.E dropper. Deleted
10/3/2008 13:42:28 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\winstall.exe is Win32/Oneraw.AY trojan. Deleted
10/3/2008 13:42:28 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\winsysban11.exe is Win32/Thoog.I trojan. Deleted
10/3/2008 13:42:29 PM File infection: C:\Documents and Settings\My Pc\Desktop\clips\winsysupd11.exe is Win32/Thoog.I trojan. Deleted
10/3/2008 13:42:56 PM File infection: C:\Documents and Settings\My Pc\Local Settings\Temp\540144176436\2568.tmp is Win32/Thoog.MW trojan. Deleted
10/3/2008 13:44:10 PM File infection: C:\Documents and Settings\My Pc\Local Settings\Temporary Internet Files\Content.IE5\89A789AF\wsem303[1].dll is Win32/Dyfuca.F trojan. Deleted
10/3/2008 13:44:12 PM File infection: C:\Documents and Settings\My Pc\Local Settings\Temporary Internet Files\Content.IE5\O1YVWLYN\rogue[1].exe is Win32/Dyfuca.B trojan. Deleted
 
Also, I attempted to disable system restore to remove the stored system profiles. However, when I went to the System Restore tab, system restore was already turned off. Should I enable it and then disable it again? Not sure why the old restore points are still on the system.
 
Sorry for the delay, for some reason I got no email notification.

Yes, please disable and enable System Restore, then re-scan with CA and post the log back here.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 